Commit 59a057c7bfb3d65e2b63736698da9ec6b90bb3a0
1 parent
39d689dc
Exists in
checkbox_to_user_can_edit_page
Add before_filter for check permission for open edit header and footer page
Showing
4 changed files
with
36 additions
and
3 deletions
Show diff stats
app/controllers/my_profile/profile_editor_controller.rb
| @@ -6,11 +6,13 @@ class ProfileEditorController < MyProfileController | @@ -6,11 +6,13 @@ class ProfileEditorController < MyProfileController | ||
| 6 | before_filter :access_welcome_page, :only => [:welcome_page] | 6 | before_filter :access_welcome_page, :only => [:welcome_page] |
| 7 | before_filter :back_to | 7 | before_filter :back_to |
| 8 | before_filter :forbid_destroy_profile, :only => [:destroy_profile] | 8 | before_filter :forbid_destroy_profile, :only => [:destroy_profile] |
| 9 | + before_filter :check_user_can_edit_header_footer, :only => [:header_footer] | ||
| 9 | helper_method :has_welcome_page | 10 | helper_method :has_welcome_page |
| 10 | 11 | ||
| 11 | def index | 12 | def index |
| 12 | @pending_tasks = Task.to(profile).pending.without_spam.select{|i| user.has_permission?(i.permission, profile)} | 13 | @pending_tasks = Task.to(profile).pending.without_spam.select{|i| user.has_permission?(i.permission, profile)} |
| 13 | @show_appearance_option = user.is_admin?(environment) || !environment.enabled?('disable_appearance') | 14 | @show_appearance_option = user.is_admin?(environment) || !environment.enabled?('disable_appearance') |
| 15 | + @show_header_footer_option = user.is_admin?(environment) || (!profile.enterprise? && !environment.enabled?('disable_header_and_footer')) | ||
| 14 | end | 16 | end |
| 15 | 17 | ||
| 16 | helper :profile | 18 | helper :profile |
| @@ -163,4 +165,9 @@ class ProfileEditorController < MyProfileController | @@ -163,4 +165,9 @@ class ProfileEditorController < MyProfileController | ||
| 163 | redirect_to_previous_location | 165 | redirect_to_previous_location |
| 164 | end | 166 | end |
| 165 | end | 167 | end |
| 168 | + | ||
| 169 | + def check_user_can_edit_header_footer | ||
| 170 | + user_can_not_edit_header_footer = !user.is_admin?(environment) && environment.enabled?('disable_header_and_footer') | ||
| 171 | + redirect_to back_to if user_can_not_edit_header_footer | ||
| 172 | + end | ||
| 166 | end | 173 | end |
app/controllers/themes_controller.rb
| @@ -43,8 +43,8 @@ class ThemesController < ApplicationController | @@ -43,8 +43,8 @@ class ThemesController < ApplicationController | ||
| 43 | private | 43 | private |
| 44 | 44 | ||
| 45 | def check_user_can_edit_appearance | 45 | def check_user_can_edit_appearance |
| 46 | - disable_appearance_enabled = !user.is_admin?(environment) && environment.enabled?('disable_appearance') | ||
| 47 | - redirect_to request.referer || "/" if disable_appearance_enabled | 46 | + user_can_not_edit_appearance = !user.is_admin?(environment) && environment.enabled?('disable_appearance') |
| 47 | + redirect_to request.referer || "/" if user_can_not_edit_appearance | ||
| 48 | end | 48 | end |
| 49 | 49 | ||
| 50 | end | 50 | end |
app/views/profile_editor/index.html.erb
| @@ -24,7 +24,7 @@ | @@ -24,7 +24,7 @@ | ||
| 24 | 24 | ||
| 25 | <%= control_panel_button(_('Edit Appearance'), 'design-editor', :controller => 'profile_themes', :action => 'index') if @show_appearance_option %> | 25 | <%= control_panel_button(_('Edit Appearance'), 'design-editor', :controller => 'profile_themes', :action => 'index') if @show_appearance_option %> |
| 26 | 26 | ||
| 27 | - <%= control_panel_button(_('Edit Header and Footer'), 'header-and-footer', :controller => 'profile_editor', :action => 'header_footer') if user.is_admin?(environment) || (!profile.enterprise? && !environment.enabled?('disable_header_and_footer')) %> | 27 | + <%= control_panel_button(_('Edit Header and Footer'), 'header-and-footer', :controller => 'profile_editor', :action => 'header_footer') if @show_header_footer_option %> |
| 28 | 28 | ||
| 29 | <%= control_panel_button(_('Manage Content'), 'cms', :controller => 'cms') %> | 29 | <%= control_panel_button(_('Manage Content'), 'cms', :controller => 'cms') %> |
| 30 | 30 |
test/functional/profile_editor_controller_test.rb
| @@ -1184,4 +1184,30 @@ class ProfileEditorControllerTest < ActionController::TestCase | @@ -1184,4 +1184,30 @@ class ProfileEditorControllerTest < ActionController::TestCase | ||
| 1184 | get :index, :profile => user.identifier | 1184 | get :index, :profile => user.identifier |
| 1185 | assert_tag :tag => 'div', :descendant => { :tag => 'a', :content => 'Edit Header and Footer' } | 1185 | assert_tag :tag => 'div', :descendant => { :tag => 'a', :content => 'Edit Header and Footer' } |
| 1186 | end | 1186 | end |
| 1187 | + | ||
| 1188 | + should 'user cant edit header and footer if environment dont permit' do | ||
| 1189 | + environment = Environment.default | ||
| 1190 | + environment.settings[:disable_header_and_footer_enabled] = true | ||
| 1191 | + environment.save! | ||
| 1192 | + | ||
| 1193 | + user = create_user('user').person | ||
| 1194 | + login_as('user') | ||
| 1195 | + | ||
| 1196 | + get :header_footer, :profile => user.identifier | ||
| 1197 | + assert_response :redirect | ||
| 1198 | + end | ||
| 1199 | + | ||
| 1200 | + should 'admin can edit header and footer if environment dont permit' do | ||
| 1201 | + user = create_user('user').person | ||
| 1202 | + | ||
| 1203 | + environment = Environment.default | ||
| 1204 | + environment.add_admin(user) | ||
| 1205 | + environment.settings[:disable_header_and_footer_enabled] = true | ||
| 1206 | + environment.save! | ||
| 1207 | + | ||
| 1208 | + login_as('user') | ||
| 1209 | + | ||
| 1210 | + get :header_footer, :profile => user.identifier | ||
| 1211 | + assert_response :success | ||
| 1212 | + end | ||
| 1187 | end | 1213 | end |